Set up sudo so that a particular common user can edit /etc/fstab

Question

How can I set up sudo so that a particular common user can edit /etc/fstab? I've thought to edit /etc/sudoers.d file to do this, but how do we edit /etc/fstab in this file?

pa4080 · Answer 1 · 2018-02-27T16:24:47.810

Create simple script, called editfstab and located in /usr/local/bin (to be accessible as shell command), and make it executable:

echo -e '#!/bin/sh\nnano /etc/fstab' | sudo tee /usr/local/bin/editfstab && sudo chmod +x /usr/local/bin/editfstab

Run the command sudo visudo -f /etc/sudoers.d/editfstab and add the following rule as content of the newly created file:

ALL ALL=NOPASSWD: /usr/local/bin/editfstab

At this point, each system user will be able to edit /etc/fstab, without password, by the command:

sudo editfstab

You can extend the functionality of /usr/local/bin/editfstab by adding a feature to make backup copy before edit:

#!/bin/sh
cp /etc/fstab /etc/fstab.bak
nano /etc/fstab

score 1 · Answer 2 · answered Feb 27 '18 at 16:24

Adding a line in sudoers.d with you favorite editing software in a cmd alias should do the trick :

Cmnd_Alias EDITFSTAB = /etc/bin/vim /etc/fstab
username    ALL = (user) EDITFSTAB

Be careful, there is a huge risk of escape privilege, maybe you should write a basic shell script to restrict/control fstab modifications WITHOUT using editor (ie "for that modification, press 1" and echo-ing right in fstab).

Set up sudo so that a particular common user can edit /etc/fstab

2 Answers2